ID CVE-2006-5333
Summary Unspecified vulnerability in Oracle Spatial component in Oracle Database 10.2.0.2 has unknown impact and remote authenticated attack vectors related to "create session" privileges, aka Vuln# DB02. NOTE: as of 20061023, Oracle has not disputed reports from reliable third parties that DB02 is for SQL injection in the SDO_DROP_USER_BEFORE package using a Trigger for a DROP USER statement in an anonymous PL/SQL block.
References
Vulnerable Configurations
  • Oracle Database Server 10g 10.2.0.2
    cpe:2.3:a:oracle:database_server:10.2.0.2
CVSS
Base: 7.1 (as of 18-05-2016 - 12:41)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK HIGH SINGLE_INSTANCE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
nessus via4
NASL family Databases
NASL id ORACLE_RDBMS_CPU_OCT_2006.NASL
description The remote Oracle database server is missing the October 2006 Critical Patch Update (CPU) and therefore is potentially affected by security issues in the following components : - Change Data Capture (CDC) - Core RDBMS - Database Scheduler - Oracle Spatial - XMLDB
last seen 2019-02-21
modified 2018-11-15
plugin id 56054
published 2011-11-16
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=56054
title Oracle Database Multiple Vulnerabilities (October 2006 CPU)
refmap via4
bid 20588
bugtraq 20061018 Analysis of the Oracle October 2006 Critical Patch Update
cert TA06-291A
confirm http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html
hp
  • HPSBMA02133
  • SSRT061201
misc
sectrack 1017077
secunia 22396
vupen ADV-2006-4065
saint via4
bid 20588
description Oracle Spatial component SDO_CS.TRANSFORM_LAYER buffer overflow
id database_oracle_version
osvdb 31462
title oracle_spatial_transform_layer
type remote
Last major update 18-05-2016 - 14:15
Published 17-10-2006 - 21:07
Last modified 17-10-2018 - 17:42
Back to Top